ENS SQL Injection Vulnerabilites

2016.12.19

Ashiyane Digital Security Team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:"Designed & Developed by ENS"

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: ENS SQL Injection Vulnerabilites
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://www.ensconsultants.com/
|[+]
|[+] Dork : intext:"Designed & Developed by ENS"
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12 /18 / 2016
|=============================================================|
|[+] Proof:
|[+]
|[+] http://www.zionapostolicministries.org/ministries.php?ministries_id=2[SQLI]
|[+] http://www.travazatools.com/products1.php?product_cat_id=99[SQLI]
|[+] http://www.ginapesco.com/Apply.php?careers_id=1[SQLI]
|[+] http://youraqar.com/propertydetails.php?id=45[SQLI]
|[+] http://www.apexfls.com/details.php?id=12[SQLI]
|[+] http://fekwt.com/images.php?photo_cat_id=13[SQLI]
|[+] http://asiansedragroup.com/photos.php?cat=7[SQLI]
|[+] http://www.sadeer.com/productdetails.php?productid=3[SQLI]
|[+]
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| 

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ENS SQL Injection Vulnerabilites

Dork: intext:"Designed & Developed by ENS"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.